Subj : Google Patches Pair of Exploited Vulnerabilities in Android To : All From : TCOB1 Date : Wed Mar 05 2025 12:27:20 Google on Monday announced fixes for more than 40 vulnerabilities in Android, warning that two of the issues are actively exploited in the wild. The exploited flaws include CVE-2024-43093, a bypass of a file path filter in the Framework component that could lead to privilege escalation, and CVE-2024-50302, a zero-initialize issue with the report buffer in Linux kernel that could lead to memory leaks. GooglerCOs March 2025 Android security bulletin warns rCLthere are indicationsrCY that these security defects rCLmay be under limited, targeted exploitationrCY, without providing further information on the observed attacks. This is the second time Google warns of CVE-2024-43093 being exploited in the wild without sharing additional details, after rolling out fixes for it as part of the November 2024 Android update. According to a recent Amnesty International report, CVE-2024-50302 was likely exploited as a zero-day by CellebriterCOs mobile forensic tools to bypass the lockscreen of the Android phone of a Serbian student activist. The first part of this monthrCOs Android update, which arrives on devices as the 2025-03-01 security patch level, contains fixes for 30 vulnerabilities: nine in Framework and 21 in System. Of the bugs resolved in System, 10 are critical-severity issues, including eight that could lead to remote code execution. The remaining two could be exploited to elevate privileges and cause a denial-of-service (DoS) condition, respectively. rCLThe most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,rCY Google notes. Advertisement. Scroll to continue reading. The second part of the update arrives on devices as the 2025-03-05 security patch level, addressing all the flaws above, vulnerabilities resolved with previous updates, and 13 additional security defects in Kernel, MediaTek, and Qualcomm components. On Monday, Google also published an Android Wear OS security bulletin, which details two security defects. Updating devices to a security patch level of 2025-03-01 also resolves the vulnerabilities patched in Android this month. While there were no Android Automotive OS security patches released this month, users are advised to update to a security patch level of 2025-03-01, which contains this monthrCOs Android fixes. https://www.securityweek.com/google-patches-pair-of-exploited-vulnerabilities-i n-android/ --- BBBS/LiR v4.10 Toy-7 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1) .